Password Manager 5.8.2 - Administrator Guide (AD LDS edition)


Checklist: Installing Password Manager

This checklist provides tasks that an administrator should perform when installing Password Manager.

Table 1: Checklist for installing Password Manager for AD LDS

| Step | Reference |
| --- | --- |
| Before you install Password Manager, you should configure Password Manager Service account and application pool identity. | Configuring Password Manager Service Account and Application Pool Identity |
| It is strongly recommended that you enable HTTPS on the server where Password Manager is installed. | Enabling HTTPS |
| Install an instance of Password Manager. | Steps to Install Password Manager |
| Extend AD LDS schema. | Extending AD LDS Schema |
| Initialize a Password Manager instance. | Instance Initialization |

Installing Password Manager

This section describes how to install Password Manager. You will learn how to configure the Password Manager Service account and application pool identity. A separate section will guide you through the steps required to install Password Manager. For more information, see Typical Deployment Scenarios.

Configuring Password Manager Service Account and Application Pool Identity

When installing Password Manager, you are prompted to specify two accounts: Password Manager Service account and application pool identity. Password Manager Service account is an account under which Password Manager Service runs.

You can also use the Password Manager Service account to connect to an AD LDS instance when configuring user and helpdesk scopes. To do this, ensure that Password Manager Service account has the required minimum permissions. For more information, see Configuring Permissions for Access Account.

Application pool identity is an account under which the application pool's worker process runs. The account you specify as the application pool identity will be used to run Password Manager Web sites.

For Password Manager to run successfully, the accounts you specify when installing Password Manager must meet the following requirements:

  • Password Manager Service account must be a member of the Administrators group on the Web server where Password Manager is installed.

  • Application pool identity account must be a member of the IIS_IUSRS local group on the Web server in IIS 7.0 and must have permissions to create files in the <Password Manager installation folder>\App_Data folder.
  • Application pool identity account must have the Full Control permission set for the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager for AD LDS.

Before you install Password Manager, make sure that the Password Manager Service account and application pool identity have the rights listed above.
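
The requirements listed above can be audited on the Web server with a short script. The following is an added example, not part of the original guide or One Identity code; the account names and installation folder are placeholders, and the helper functions Test-DirectMember and Test-AllowRule are hypothetical names introduced here.

```powershell
# Added example, not One Identity code. Account names and the install folder
# below are placeholders (assumptions); pass the values used in your deployment.
param(
    [string]$ServiceAccount  = 'EXAMPLE\svc-pm',        # placeholder
    [string]$AppPoolIdentity = 'EXAMPLE\svc-pm-pool',   # placeholder
    [string]$InstallFolder   = 'C:\PLACEHOLDER\Password Manager'
)
$regKey  = 'HKLM:\SOFTWARE\One Identity\Password Manager for AD LDS'
$appData = Join-Path $InstallFolder 'App_Data'

function Test-DirectMember([string]$Group, [string]$Account) {
    # Direct members only: membership through a nested group is not resolved.
    $hit = Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $Account }
    if ($hit) { 'ok' } else { 'MISSING' }
}

function Test-AllowRule([string]$Path, [string]$Account, [string]$Property, [int]$Needed) {
    # Looks for an Allow ACE naming the account itself that covers $Needed.
    # Rights granted through a group ACE, and Deny ACEs, are not evaluated here.
    if (-not (Test-Path -LiteralPath $Path)) { return 'path not present' }
    $hit = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $Account -and
        ([int]$_.$Property -band $Needed) -eq $Needed
    }
    if ($hit) { 'ok' } else { 'MISSING' }
}

$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$regFull     = [int][System.Security.AccessControl.RegistryRights]::FullControl

@(
    [pscustomobject]@{ Requirement = 'Service account in local Administrators'
                       Result = Test-DirectMember 'Administrators' $ServiceAccount }
    [pscustomobject]@{ Requirement = 'App pool identity in IIS_IUSRS'
                       Result = Test-DirectMember 'IIS_IUSRS' $AppPoolIdentity }
    [pscustomobject]@{ Requirement = 'App pool identity can create files in App_Data'
                       Result = Test-AllowRule $appData $AppPoolIdentity 'FileSystemRights' $createFiles }
    [pscustomobject]@{ Requirement = 'App pool identity has Full Control on registry key'
                       Result = Test-AllowRule $regKey $AppPoolIdentity 'RegistryRights' $regFull }
) | Format-Table -AutoSize
```

A result of "path not present" means the folder or registry key does not exist yet on this server. A result of "MISSING" means no direct grant was found, so confirm manually whether the right is inherited through a group before changing permissions.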

Enabling HTTPS

We strongly recommend that you use HTTPS with Password Manager. The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web.

For instructions on how to configure SSL in order to support HTTPS connections from client applications, see the article "Configuring Secure Sockets Layer in IIS 7" at http://technet.microsoft.com/en-us/library/cc771438%28WS.10%29.aspx.

NOTE: For the Password Manager installation to be redirected from HTTP to HTTPS by default, the HSTS (web security policy mechanism) functionality must be enabled. To enable HSTS in Password Manager, set the "HSTSEnabled" string value to "true" in the "HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager" registry key.